Displaying 20 results from an estimated 1000 matches similar to: "CerbNG v1.0-RC2 is now avaliable!"
2003 Apr 13
2
chroot() as non-root user?
I suspect this has been asked before but I'll ask anyway.
Q1: Is it possible for a non-root process to perform a chroot?
My interest is this: I have a typical ISP hosting account (verio; on a
FreeBSD 4.4 server.) I'd like to install and run various CGI packages, yet
protect myself (and my email, and my .ssh keys) from bugs being exploited
in those CGI packages. Chroot at the start
2003 Jul 25
3
systrace for FreeBSD 5.1
I'm porting the most recent version of Niels Provos' systrace to FreeBSD 5.1.
I'm sending him the diffs to integrate into his distribution. I'd also like
to submit them to someone with FreeBSD for consideration, and hopefully
inclusion as a port or whatever you prefer.
Who could I send them to, or what would you prefer me to do with regard to
FreeBSD?
Thanks,
Rich Murphey
2003 Jul 12
5
jails, ipfilter & stunnel
I'm setting up a server where I plan to use Jails to improve security.
I also have installed and am configuring ipfilter. Here are my
questions:
Because I'm using Jails, I will have to have multiple ip aliases on the
network interface. I will use ipfilter to specify what can go to each
of the addresses. (e.g., allow only incoming to port 80 on the jail
running apache).
Another
2016 May 16
1
Ransomware?
There is malware that names the files .crypt
A novel solution here
https://isc.sans.edu/diary/Novel+method+for+slowing+down+Locky+on+Samba+server+using+fail2ban/20805
though it seems locky specific
I use this non-samba solution in cron.hourly. Pretty awful, but it works for malware that I know
about. I have fast drives, so updatedb only takes a few seconds.
#!/bin/sh
updatedb
wait 20
if
2003 Apr 01
1
Jails and multihoming
All,
are there any plans to allow FreeBSD jails to bind to more than one IP
address?
My scenario (virtual hosting) :
3 front-end hosts with 2 interfaces each, one on the public network, the
other on a private subnet.
1 back-end host, providing NFS mounts for the front-ends.
This scenario is not uncommon in ISP environments, usually with a big
2006 Jun 09
0
Data authentication for geli(8) committed to HEAD.
Hi.
geli(8) from FreeBSD-CURRENT is now able to perform data integrity
verification (data authentication) using one of the following
algorithms:
- HMAC/MD5
- HMAC/SHA1
- HMAC/RIPEMD160
- HMAC/SHA256
- HMAC/SHA384
- HMAC/SHA512
One of the main design goals was to make it reliable and resistant to
power failures or system crashes. This was very important to commit both
data update and HMAC
2008 Dec 07
2
zvol_read() and zvol_write().
I can't find anything using those functions. Can they be removed?
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
2007 Feb 18
3
Improper use of atomic_add_64().
Hi.
I noticed that when non-64bit variable is given as a second argument to
atomic_add_64() function, the result is invalid.
I found few places where such situation occurs. I wonder how this got
unnoticed with ztest, which fails on me within a few seconds (after I
started to use Solaris atomic operations) on assertions. Maybe this
only doesn't work when compiled with gcc? Not sure, but
2006 Aug 25
4
Looking for confirmation.
Hi.
I've almost all file system functions working.
I started to run some heavy file system regression tests. They work. fsx
wasn't able to break my port, but the test you can find here:
http://people.freebsd.org/~kan/fsstress.tar.gz
broke it. My kernel panics on this assertion (zfs_dir.c):
749: mutex_exit(&dzp->z_lock);
750:
751: error =
2007 Sep 21
4
ZFS (and quota)
I'm CCing zfs-discuss at opensolaris.org, as this doesn't look like
FreeBSD-specific problem.
It looks there is a problem with block allocation(?) when we are near
quota limit. tank/foo dataset has quota set to 10m:
Without quota:
FreeBSD:
# dd if=/dev/zero of=/tank/test bs=512 count=20480
time: 0.7s
Solaris:
# dd if=/dev/zero of=/tank/test bs=512 count=20480
time: 4.5s
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi.
I've no response from so@ in this topic, probably because lack of time,
so I'll try here.
Here is a patch that I'm planning to commit:
http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch
It adds two new sysctls:
security.bsd.hardlink_check_uid
security.bsd.hardlink_check_gid
If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users
are not
2008 Jul 29
2
Unexpected b_hdr change.
Hi.
We're testing the most recent ZFS version from OpenSolaris ported to
FreeBSD. Kris (CCed) observed strange situation. In function arc_read()
he had a panic on assertion that we try to unlock a lock which is not
being held:
rw_enter(&pbuf->b_hdr->b_datalock, RW_READER);
err = arc_read_nolock(pio, spa, bp, done, private, priority,
flags, arc_flags, zb);
2007 Mar 14
1
Check PRIV_VFS_MOUNT when jailed.
Hi.
I'd like to commit this patch:
http://people.freebsd.org/~pjd/patches/vfs_mount.c.9.patch
It currently should change nothing, but will be needed once we allow to
grant privileges for jails. I'd like to commit it now, so I can
experiment easier with my ZFS improvements.
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd@FreeBSD.org
2005 Jul 24
1
cvs commit: src/games/fortune/fortune fortune.c
On Sun, Jul 24, 2005 at 04:06:02PM +0200, Poul-Henning Kamp wrote:
+> In message <20050724135738.GM46538@darkness.comp.waw.pl>, Pawel Jakub Dawidek writes:
+>
+> >We should probably test entropy quality on boot.
+> >I've somewhere userland version of /sys/dev/rndtest/ which implements
+> >FIPS140-2 tests for (P)RNGs. We can use put it into rc.d/ and warn users.
2007 Apr 06
11
ZFS committed to the FreeBSD base.
Hi.
I'm happy to inform that the ZFS file system is now part of the FreeBSD
operating system. ZFS is available in the HEAD branch and will be
available in FreeBSD 7.0-RELEASE as an experimental feature.
Commit log:
Please welcome ZFS - The last word in file systems.
ZFS file system was ported from OpenSolaris operating system. The code
is under CDDL license.
I'd
2007 Aug 09
9
Is DTrace Vulnerable?
There is a Slashdot discussion today titled "Cambridge Researcher Breaks
OpenBSD Systrace". Slashdot anonymous member has a comment "Even Sun's
Dtrace might be vulnerable." I don't think it is. Comments?
Exploiting Concurrency Vulnerabilities in System Call Wrappers
http://www.watson.org/~robert/2007woot/2007usenixwoot-exploitingconcurrency.pdf
Abstract
2008 May 04
3
Some bugs/inconsistencies.
Hi.
I'm working on getting the most recent ZFS to the FreeBSD's CVS. Because
of the huge amount of changes, I decided to work on ZFS regression
tests, so I'm more or less sure nothing broke in the meantime.
(Yes, I know about ZFS testsuite, but unfortunately I wasn't able to
port it to FreeBSD, it was just too much work. I'm afraid it is too
2013 Jun 08
1
Request for review: Sandboxing dhclient using Capsicum.
Hi.
I have a series of patches to sandbox dhclient using Capsicum
(capability mode and capability rights for descriptors).
As usual, because chroot and setgid/setuid are not sandboxing
mechanisms, there are many problems with the current sandboxing:
- Access to various global namespaces (like process list, network, etc.).
- Access to RAW UDP socket.
- Read/write access to bpf.
- Access to RAW
2006 Mar 06
6
gmirror(8) and graid3(8) changes.
Hi.
Here you can find patches with changes to gmirror(8) and graid3(8):
http://people.freebsd.org/~pjd/patches/gmirror.7.patch
http://people.freebsd.org/~pjd/patches/graid3.patch
The patches do the following:
- Significant synchronization speed improvement. Now many parallel
synchronization I/O requests can be used instead of only one before.
Many people requested this.
- Close race
2004 Jan 06
5
Logging user activities
Hello,
What do you recommend for keeping track of user
activities? For preserving bash histories I followed
these recommendations:
http://www.defcon1.org/secure-command.html
They include using 'chflags sappnd .bash_history',
enabling process accounting, and the like.
My goal is to "watch the watchers," i.e. watch for
abuse of power by SOC people with the ability to view